Presentation by Bill Wright, Symantec, on the Cyber Threat Environment, given at the Government Technology & Services Coalition (GTSC) meeting "The National Security Supply Chain: Reducing the Vulnerabilities"
5. The “What”
• Malicious activity in many key sectors
• DDOS attacks – financial sector
• Destructive attacks – oil & gas
• Compromise and manipulation of media websites
6. The “How”
• Volume of attacks increasing
• Sophistication increasing – but not always
• Social engineering still key
16. Spear Phishing / Watering Hole Attack
• Spear Phishing: send an email to a person of interest
• Watering Hole Attack: infect a website and lie in wait for them
• Targeted Attacks predominantly start as spear phishing attacks
• In 2012, Watering Hole Attacks emerged
Internet Security Threat Report 2013 :: Volume 18
17. Effectiveness of Watering Hole Attacks
• 1 Watering Hole Attack in 2012: 500 companies, all within 24 hours
• Watering Hole attacks are targeted at specific groups
• Can capture a large number of victims in a very short time
18. Recent Example of Watering Hole Attack
• In 2013 this type of attack will become widely used
• In February of this year several high profile companies fell victim to just such an attack
21. Targeted Attacks by Company Size
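• 50% of targeted attacks: companies with 2,501+ employees
• 50% of targeted attacks: companies with 1 to 2,500 employees
Breakdown by number of employees:
• 2,501+: 50%
• 1,501 to 2,500: 9%
• 1,001 to 1,500: 2%
• 501 to 1,000: 3%
• 251 to 500: 5%
• 1 to 250: 31% (18% in 2011)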
23. Targeted Attacks by Industry
• Manufacturing: 24%
• Finance, Insurance & Real Estate: 19%
• Services – Non-Traditional: 17%
• Government: 12%
• Energy/Utilities: 10%
• Services – Professional: 8%
• Wholesale: 2%
• Retail: 2%
• Aerospace: 2%
• Transportation, Communications, Electric, Gas: 1%
• Manufacturing moved to top position in 2012
• But all industries are targeted
Thanks for the opportunity to be here today and thank you to GTSC for putting together such a great event. Very excited to be before this group, because there is not an event I go to, a panel I speak on, or an industry meeting I attend where we don’t come back to the fact that we need to raise awareness of cyber threats. Lots to cover in a short time so I’ve tried to cherry-pick a few recent examples of cyber attacks that highlight bigger trends that we are seeing. Symantec is the largest security software company in the world and we are truly global so we are very good at identifying trends. We call this my “who-what-how-so what” threat brief.
But I’ll start with a quiz: Which one of these devices has recently been hacked in a cyber attack? Several good candidates here… Is it the networked trash can that tracks people walking through London’s financial district through their mobile phones and then displays personalized ad campaigns? Is it the “smart” TV that comes with a web browser, apps, microphone and camera? (Where with just a little bit of extra code, someone can remotely watch you from their laptop without you knowing.) Or is it the networked baby monitor?
Answer is the baby monitor – so far . . . But the truth is, any of these devices can potentially be hacked. I mention this because we are now entering the age of the “Internet of Things”, where most of our everyday devices and tools are becoming interconnected through the internet. Very soon, everything from the toaster oven in your kitchen, to crops in the field, to our soldiers in battle will be connected and communicate through the internet. A sobering stat is that the total number of physical devices connected to the internet is estimated to go from 12.5 billion today to 50 billion by 2020 or in the next six years. This is to say that in the years to come, we will be even more reliant on a safe and secure internet – turns out it is not a fad -- and the result will be even more potential threat vectors.
For example, this year we saw a line of code in a tracking script on a human rights organization’s website with the potential to compromise a computer. It exploited a new, zero-day vulnerability in Internet Explorer® to infect visitors. Our data showed that within 24 hours, people in 500 different large companies and government organizations visited the site and ran the risk of infection. The attackers in this case, known as the Elderwood Gang, used sophisticated tools and exploited zero-day vulnerabilities in their attacks, pointing to a well-resourced team backed by a large criminal organization or a nation state.
The ISTR 18 revealed a surge in targeted attacks – they have increased 42 percent in the last year alone.
This year’s ISTR highlights how businesses of all sizes are at risk; in fact, 31 percent of targeted attacks in 2012 were aimed at businesses with fewer than 250 employees.
And who is a bigger target among employees? The individual employee or those at the C-level? Both are targets but only 17% of targeted attacks are aimed at the C-level. There are many methods of getting inside the organization, like with phishing attacks in spam email. Or targeting the inbox of a shared account like info@companyname.com. Or HR, because in a smaller organization you might still be receiving resumes as attachments in email. You’ve all heard of phishing attacks, right? Those are tricky messages that look like urgent business from a bank, a government agency, even a member of a foreign royal family. But if the bad guys want to go after a particular organization, they will use what is known as a spear phishing attack. Now, what is a spear phishing attack? Imagine you are the office manager for a small company.